CVE-2023-22701: 
WordPress vulnerability analysis and mitigation

The CVE-2023-22701 is a Missing Authorization vulnerability affecting the Shopfiles Ltd Ebook Store WordPress plugin versions through 5.775. The vulnerability was discovered by researcher yuyudhn and was publicly disclosed on April 19, 2023. The issue specifically involves the plugin's ebook_store_export_orders function, which lacks proper authorization checks (WPScan, Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The technical issue stems from the absence of authorization checks in the ebook_store_export_orders function, which allows unauthenticated users to access and retrieve order information (Patchstack).

The vulnerability allows unauthenticated users to retrieve sensitive order information from the Ebook Store plugin. This represents a significant data disclosure risk as it enables unauthorized access to potentially sensitive customer and order details (WPScan).

The vulnerability has been fixed in version 5.78 of the Ebook Store plugin. Website administrators are strongly advised to update to this version or later to resolve the security issue. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).